CHINA: CEASE ‘COLD WAR’ ON CYBER – The rising temperature between Beijing and Washington on cybersecurity is already scalding business and shows no sign of cooling. Chinese officials called for international cybersecurity cooperation yesterday while implicitly berating the U.S. for “defamation” in the wake of last month’s commercial cyberespionage indictments against PLA hackers. As the first-of-their-kind charges have faded from the front pages, the fallout has continued to hit U.S. tech companies in the Chinese market.

Story Continued Below

Today and yesterday, China hosted international talks with the U.N. in Beijing, where China’s vice foreign minister spoke out against a “zero-sum mentality and Cold War ideology” and warned against an “arms race in cyberspace.” He also called out “an individual country” for “double standards on the cyber issue,” saying it had “concocted ‘regulations’ only applicable to other countries” and defamed others — though he did not name the U.S. — according to a transcript from the Foreign Affairs Ministry. While a top State Department cybersecurity official is in Beijing, China skipped a back-channel multinational meeting in Washington earlier this week. More on the talks, from Joe Marks: http://politico.pro/1nU9qvF. And Thursday’s speech: http://bit.ly/1nmL6zf

CYBERATTACKS UP IN LATIN AMERICA — Nearly every Latin American country saw an increase in cyberattacks in 2013, a new report finds, and the upcoming World Cup features prominently in some of them. The quadrennial soccer event in Brazil will be a major target for online fraudsters and other hackers, and malware, phishing attacks and email schemes are already popping up, computer security firm Symantec said in the report out this week. The analysis of shifts in Latin American and Caribbean cybersecurity in 2013, compiled for the Organization of American States, also found the cost of cybercrime was $8 billion in Brazil that year — the highest in any country in the region — followed by $3 billion in Mexico and $464 million in Colombia.” The story, from Joe: http://politico.pro/1hDfDK6. And the report: http://bit.ly/1pJQv6y

HAPPY FRIDAY and welcome to Morning Cybersecurity on this 70th anniversary of D-Day. If the courage exhibited that day wasn’t enough, this 93-year-old veteran of the 101st Airborne that parachuted onto Utah Beach 70 years ago parachuted into Normandy again yesterday to mark the occasion: http://cnn.it/1hCyftB. He told CNN it was easier this time without anyone shooting at him. Enjoy your weekend and send your thoughts, tips and feedback to tkopan@politico.com and follow @ talkopan, @ POLITICOPro and @ MorningCybersec. Full team info is below.

SENATE SEARCHING FOR ‘GOLDILOCKS ZONE’ ON USA FREEDOM – NSA reform got its first look from senators yesterday, as the Senate Intelligence Committee held a hearing on the USA FREEDOM Act, which passed the House 303-121. But the only point of agreement was that the bill needs work, with senators split over whether it’s too weak or too strong. “I believe the House-passed bill … is not the true reform I have demanded and many other Americans have for years,” said Sen. Mark Udall.

“Ranking member Saxby Chambliss (R-Ga.), on the other hand, found the bill too aggressive: ‘It seems to me that swapping the current program out for an untested system may be a pretty bad deal from a national security perspective and for the American people.’ The divergent approaches — especially for a bill that passed the House by a nearly 3-to-1 margin — reflect the challenge that tech companies and Americans wary of government surveillance have to wrangle with as they pursue reform. Many, including those in Silicon Valley, have pushed for changes over the course of a full year but are still unhappy with the legislation that now stands the best chance of getting passed. And in the Senate, they’ll have to grapple with some of the lawmakers most opposed to any changes.” More, from Alex Byers: http://politico.pro/Ugm5fm

SENATE APPROPRIATORS MOVE SWIFTLY ON CJS — The Commerce, Justice, Science and Related Agencies FY15 allocation bill yesterday advanced 30-0 out of the Appropriations Committee, which didn’t even take an hour of debate time on the bill that funds the cybersecurity work of agencies like the Department of Justice, federal law enforcement, NIST and its National Strategy for Trusted Identities in Cyberspace office. Only two amendments were offered and both passed easily. As part of the managers’ package amendment, Sen. Mike Johanns added language that would require the NTIA to report quarterly to two Senate panels on its efforts transfer its oversight of the international domain name governing body ICANN and calls for a review of the plan to ensure ICANN “has in place a NTIA approved multi-stakeholder oversight plan that is insulated from foreign government and inter-governmental control.” The amendment: http://1.usa.gov/1kAApKu

Full text of the bill, which the subcommittee marked up on Tuesday, has yet to be released, although Appropriations staff promise it will be out some time today, at which point we’ll go through it with a fine-tooth comb. In the meantime, TechAmerica is going to bat for NSTIC, whose funding was gutted in the House version: http://bit.ly/1kOhN3X

DOD DÉJÀ VU — Looks like copy and paste was the order of the day at the Pentagon when officials there put together this year’s annual report on Chinese military capabilities, publically released yesterday. Habitual readers of this deeply-hedged report were quick to note that the section dealing with cyberattacks against the military is nearly a word-for-word reprinting of last year’s section, but for the year. “In 2013, numerous computer systems around the world, including those owned by the U.S. Government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military. These intrusions were focused on exfiltrating information,” the report said, again. The real question is, will it say the same again next year? The report: http://1.usa.gov/1nTa9xj

ANOTHER OPENSSL VULNERABILITY — OpenSSL, the ubiquitous open-source encrypted communications program that underpins global e-commerce and email privacy yesterday issued a series of fixes to flaws and vulnerabilities in its code, including one that would allow an attacker to snoop on and impersonate encrypted communications. The so-called Man-In-The-Middle, or MITM vulnerability, was designated CVE-2014-0224 in the OpenSSL announcement. Engineers said the bug had been in the code for more than 15 years, and would affect many variants of the program, including ones updated to take account of the Heartbleed vulnerability. The bug was reported to OpenSSL developers on May 1 by a Japanese researcher but was not publicly released until a fix had been developed. The announcement: http://bit.ly/1kBejX7

ADMINISTRATION OPEN TO LIABILITY PROTECTION – The Obama administration could support new legislation granting the private sector cybersecurity liability protection, provided the protections are targeted and narrowly drawn, a top DHS official said yesterday. The private sector has two common requests for liability protection, said Suzanne Spaulding, undersecretary for the National Protection and Programs Directorate, at a meeting of the Homeland Security Advisory Council: information sharing and actions taken using government-supplied information. While the first is relatively simple, the latter is more difficult, she said. More: http://politico.pro/TjVeOI

GAO: CYBERSECURITY AT PORTS NEEDS MORE ATTENTION – Cybersecurity concerns don’t get enough attention at American ports, leaving a lynchpin of the U.S. and global economy potentially open to cyberattack, the GAO said in a report issued yesterday. The congressional watchdog also chastised the Coast Guard and FEMA for not doing more on cyberthreats in their port-related security activities, although both agencies promised to implement GAO recommendations. While the Coast Guard has paid close attention to physical threats, like bombs, cyberthreats have gone so far unaddressed in the service’s biennially updated risk assessment document, the National Maritime Strategic Risk Assessment. Coast Guard officials said they didn’t have the data they needed to include it, telling auditors the risk model they used lacked cyber-related information. The report: http://1.usa.gov/1mfmchE

ICYMI — POLITICO Pro eHealth — went live this week covering all of latest policy developments on electronic health records, telemedicine, health apps, federal health IT and more — that you need to do your job. Plus, Pros get exclusive access to instant intelligence, smart analysis, customized content and Pro-only events. For more info, contact us today at Cyb.info@politicopro.com.

** A Message from the U.S. Chamber of Commerce:Join us on October 4 to explore the ways the public and private sectors are working together to enhance our nation’s cybersecurity. Experts will dive into the day’s biggest issues, tackling challenges facing government and the private sector. Featured speakers include Michael Daniel, former Cybersecurity Advisor, The White House; Gen. Michael Hayden (USAF, ret.), former Director of the CIA and the NSA; Michael Morell, former Acting Director, the CIA; and Theresa Payton, former Chief Information Officer, The White House. Learn more and register here. **